Octopus Server 2022.3.10594

CPE Details

Octopus Server 2022.3.10594
octopus
octopus_server
2022.3.10594
2022-10-07
09h21 +00:00
2022-10-07
12h47 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:octopus:octopus_server:2022.3.10594:*:*:*:*:*:*:*

Informations

Vendor

octopus

Product

octopus_server

Version

2022.3.10594

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-1904 2023-12-14 07h23 +00:00 In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.
7.5
Haute
CVE-2022-2416 2023-08-02 05h26 +00:00 In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.
5.5
Moyen
CVE-2022-2346 2023-08-02 01h09 +00:00 In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
5.5
Moyen
CVE-2022-4870 2023-05-17 22h00 +00:00 In affected versions of Octopus Deploy it is possible to discover network details via error message
5.3
Moyen
CVE-2022-4008 2023-05-10 00h00 +00:00 In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
5.5
Moyen
CVE-2022-2507 2023-04-19 00h00 +00:00 In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage
5.3
Moyen
CVE-2022-4009 2023-03-16 00h00 +00:00 In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation
8.8
Haute
CVE-2022-2258 2023-03-13 00h00 +00:00 In affected versions of Octopus Deploy it is possible for a user to view Tagsets without being explicitly assigned permissions to view these items
4.3
Moyen
CVE-2022-2259 2023-03-13 00h00 +00:00 In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items
4.3
Moyen
CVE-2022-2883 2023-02-22 00h00 +00:00 In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
7.5
Haute
CVE-2022-4898 2023-01-30 23h00 +00:00 In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07 however it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS
5.4
Moyen
CVE-2022-3614 2023-01-02 23h00 +00:00 In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
6.1
Moyen
CVE-2022-3460 2023-01-01 23h00 +00:00 In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
7.5
Haute